Cyentia Cybersecurity Research Library
  • Sources
  • Tags
  • About
  • Sponsors
  • More from Cyentia

Credentials

Below you will find reports with the tag of “Credentials”

image from Cyber Attack Impersonating Identity of Indian Think Tank to Target Central Bureau of Investigation (CBI) and Possibly Indian Army Officials

Cyber Attack Impersonating Identity of Indian Think Tank to Target Central Bureau of Investigation (CBI) and Possibly Indian Army Officials

“In my previous blog posts I posted details of cyber attacks targeting Indian Ministry of External Affairs and Indian Navy’s Warship and Submarine Manufacturer. This blog post describes another attack campaign where attackers impersonated identity of Indian think tank IDSA (Institute for Defence Studies and Analyses) and sent out spear-phishing emails to target officials of the Central Bureau of Investigation (CBI) and possibly the officials of Indian Army.”

(more available)
Added: November 15, 2018
image from The Deception Project: A New Japanese-Centric Threat

The Deception Project: A New Japanese-Centric Threat

“In an effort to expose a common problem we see happening in the industry, Cylance® would like to shed some light on just how easy it is to fake attribution. The key factor we should focus on, as an industry, is determining HOW an attacker can take down an organization, rather than focusing only on the WHO. Once we can identify how the attack happened, we can focus on what’s really important – prevention.”

(more available)
Added: November 15, 2018
image from Operation BugDrop: CyberX Discovers Large-Scale Cyber-Reconnaissance Operation Targeting Ukrainian Organizations

Operation BugDrop: CyberX Discovers Large-Scale Cyber-Reconnaissance Operation Targeting Ukrainian Organizations

CyberX has discovered a new, large-scale cyber-reconnaissance operation targeting a broad range of targets in the Ukraine. Because it eavesdrops on sensitive conversations by remotely controlling PC microphones – in order to surreptitiously “bug” its targets – and uses Dropbox to store exfiltrated data, CyberX has named it “Operation BugDrop.”

(more available)
Added: November 15, 2018
image from A Large Scale Cyber Espionage APT in Asia

A Large Scale Cyber Espionage APT in Asia

The investigation of a massive cyber espionage APT (Advanced Persistent Threat) became a game of one-upmanship between attackers and defenders. Dubbed Operation Cobalt Kitty, the APT targeted a global corporation based in Asia with the goal of stealing proprietary business information. The threat actor targeted the company’s top-level management by using sophisticated spear-phishing attacks as the initial penetration vector, ultimately compromising the computers of vice presidents, senior directors and other key personnel in the operational departments. During Operation Cobalt Kitty, the attackers compromised more than 40 PCs and servers, including the domain controller, file servers, Web application server and database server.

(more available)
Added: November 15, 2018
image from Operation Electric Powder - Who is Targeting Israel Electric Company

Operation Electric Powder - Who is Targeting Israel Electric Company

From April 2016 until at least February 2017, attackers have been spreading malware via fake Facebook profiles and pages, breached websites, self-hosted and cloud based websites. Various artifacts indicate that the main target of this campaign is IEC – Israel Electric Company. These include domains, file names, Java package names, and Facebook activity. We dubbed this campaign “Operation Electric Powder“.

(more available)
Added: November 15, 2018
image from Iranian Threat Agent OilRig Delivers Digitally Signed Malware Impersonates University of Oxford

Iranian Threat Agent OilRig Delivers Digitally Signed Malware Impersonates University of Oxford

Iranian threat agent OilRig has been targeting multiple organisations in Israel and other countries in the Middle East since the end of 2015. In recent attacks they set up a fake VPN Web Portal and targeted at least five Israeli IT vendors, several financial institutes, and the Israeli Post Office. This report offers insight into this threat.

(more available)
Added: November 15, 2018
image from Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society

Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society

This report describes Nile Phish, an ongoing and extensive phishing campaign against Egyptian civil society.

Added: November 12, 2018
image from Dissecting the APT28 Mac OS X Payload

Dissecting the APT28 Mac OS X Payload

This report analyzes the Mac specific malware from APT28 named Trojan.MAC.APT28

Added: November 12, 2018
image from Lazarus & Watering-hole attacks

Lazarus & Watering-hole attacks

This report provides an outline of the attacks against Polish banks based what was shared in the article, and BAE Systems’ additional findings.

(more available)
Added: November 12, 2018
image from Lazarus' False Flag Malware

Lazarus' False Flag Malware

The post contains Analysis on a wave of attacks targeting banks as well as the falsified origins of said attacks.

(more available)
Added: November 12, 2018
image from Certificate Authority Compromise: How Quickly Can Financial Services Restore Trust

Certificate Authority Compromise: How Quickly Can Financial Services Restore Trust

This paper cites a Dimensional Research survey of 250 IT security professionals in financial services organizations located in the U.S., U.K., Germany, France and Australia. The survey examines the challenges faced by the financial services industry in managing certificates, and the results illustrate the importance of incorporating CA-agility into a certificate management strategy. The survey also explores the federal government and other industries, including healthcare, retail and technology.

(more available)
Added: November 6, 2018
image from 2017 Financial Cybersecurity Report

2017 Financial Cybersecurity Report

“To take a look at the cybersecurity health of financial institutions, this September, SecurityScorecard analyzed 2,924 financial institutions in the SecurityScorecard platform to find existing vulnerabilities within banks, investment firms, and other financial firms to determine the cybersecurity performance of the financial sector, especially as compared to other industries. Our team also analyzed the cybersecurity posture of the Top 20 highest performing FDIC-insured banks to understand what security factors pose risks to these financial institutions.”

(more available)
Added: November 4, 2018
image from 15 Server Privilege Management Use Cases For Unix & Linux

15 Server Privilege Management Use Cases For Unix & Linux

This white paper explains common use cases for privilege management on Unix/Linux servers.

Added: October 26, 2018
image from 2018 Eye On Privacy Report

2018 Eye On Privacy Report

This paper tries to answer the question, “What does the general public know about data privacy?”

Added: October 26, 2018
image from A Guide To Endpoint Privilege Management: Secuirty Fundamentals

A Guide To Endpoint Privilege Management: Secuirty Fundamentals

In this whitepaper you will learn what endpoint privilege management is and how an effective approach significantly enhances an organization’s security against rising cyber crime. They cover the origins of the least privilege concept, the benefits of application control, the current cyber threat landscape and how endpoint privilege management works to combat this with minimal disruption to user productivity.

(more available)
Added: October 26, 2018
image from An Attack Pathway Into Your Organization? There's An App For That

An Attack Pathway Into Your Organization? There's An App For That

Recommendations for securing and managing privileged credentials used by enterprise applications

Added: October 26, 2018
image from Applying Deception Mechanisms for Detecting Sophisticated Cyber Attacks

Applying Deception Mechanisms for Detecting Sophisticated Cyber Attacks

The research department at TopSpin Security conducted an experiment to investigate the performance of deception technologies in a simulated corporate environment in which more than 50 professional hackers and security experts used their knowledge and skills to try to extract a pre-defined piece of data and stay undetected. The experiment sought to answer a number of questions, including: 1) What kind of attacker will be attracted to what different type of resources (traps)? 2) What deception mechanisms should the defending organization employ? 3) Where should they be placed? 4) What kind of traps should be used Every attack pattern was carefully monitored and upon completion the data logged was analyzed and aggregated. Trends, attack patterns and statistics were derived from the data logged.

(more available)
Added: October 26, 2018
image from Best Practices For Privileged Identity Management In The Modern Enterprise

Best Practices For Privileged Identity Management In The Modern Enterprise

In this paper, they explore the modern enterprise — a hybrid organization with infrastructure spread across on-premises data centers as well as hosted in the cloud and one where IT functions are split between internal and 3rd-party administrators. They look at these and related trends impacting our data security and specifically, best practices on how to manage and govern privileged user access to mitigate these risks.

(more available)
Added: October 26, 2018
image from Combating False Declines Through Customer Engagement

Combating False Declines Through Customer Engagement

Based on quantitative consumer research, the report looks at the likelihood that false declines at the point of sale (POS) will prompt consumers to leave their financial institution (FI). The report also looks at technologies that can reduce false declines as well as consumers’ propensity to proactively engage with these technologies.

(more available)
Added: October 26, 2018
image from Consumer Attitudes Toward Data Breach Notifications and Loss of Personal Information

Consumer Attitudes Toward Data Breach Notifications and Loss of Personal Information

This report sets out the results of a study of consumer attitudes toward data breaches, notifications that a breach has occurred, and company responses to such events. The report should provide valuable information that can be used by businesses and policymakers as they develop policies and best prac-tices related to information security and data breach response. More- over, it should be of interest to individuals who conduct business with any organization that holds their personal and confidential data.

(more available)
Added: October 26, 2018
image from Dridex v4

Dridex v4

The upgraded version of the Dridex Trojan was at one time one of the most successful bank Trojans originally discovered in 2014 and has since re-emerged. This paper provides an overview.

(more available)
Added: October 26, 2018
  • ««
  • «
  • 14
  • 15
  • 16
  • 17
  • 18
  • »
  • »»
© Cyentia Institute 2025
Library updated: July 3, 2025 04:08 UTC (build b1d7be4)